1 files changed, 249 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
new file mode 100644
index 000000000..109d17d11
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -0,0 +1,249 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.FileItemFactory;
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLDecoder;
+
+/**
+ * Base class for MOA-ID Auth Servlets, providing standard error handling
+ * and constant names.
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
+
+
+  /**
+   * Handles an error. <br>>
+   * <ul>
+   * <li>Logs the error</li>
+   * <li>Places error message and exception thrown into the request 
+   * 		 as request attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
+   * <li>Sets HTTP status 500 (internal server error)</li>
+   * </ul>
+   * 
+   * @param errorMessage error message
+   * @param exceptionThrown exception thrown
+   * @param req servlet request
+   * @param resp servlet response
+   */
+	protected void handleError(
+		String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {
+
+		
+		if(null != errorMessage) {
+			Logger.error(errorMessage);
+			req.setAttribute("ErrorMessage", errorMessage	);	
+		}
+		
+		
+		if (null != exceptionThrown) {
+			if(null == errorMessage) errorMessage = exceptionThrown.getMessage();
+			Logger.error(errorMessage, exceptionThrown);
+			req.setAttribute("ExceptionThrown", exceptionThrown);
+		}
+		
+		if (Logger.isDebugEnabled()) {
+		   req.setAttribute("LogLevel", "debug");
+		}
+				
+		//forward this to errorpage-auth.jsp where the HTML error page is generated
+		ServletContext context = getServletContext();
+		RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
+		try		{
+			
+			 resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+				resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+				resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+				resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+			
+      dispatcher.forward(req, resp);
+    } catch (ServletException e) {
+      Logger.error(e);
+    } catch (IOException e) {
+			Logger.error(e);
+    }
+		
+	}
+  /**
+   * Handles a <code>WrongParametersException</code>.
+   * @param req servlet request
+   * @param resp servlet response
+   */
+  protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) {
+    Logger.error(ex.toString());
+    req.setAttribute("WrongParameters", ex.getMessage());
+
+    //	forward this to errorpage-auth.jsp where the HTML error page is generated 
+    ServletContext context = getServletContext();
+    RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
+    try {
+    	resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+		
+      dispatcher.forward(req, resp);
+    } catch (ServletException e) {
+      Logger.error(e);
+    } catch (IOException e) {
+      Logger.error(e);
+    }
+  }
+  
+  /**
+   * Logs all servlet parameters for debugging purposes.
+   */
+  protected void logParameters(HttpServletRequest req) {
+    for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) {
+      String parname = (String)params.nextElement();
+      Logger.debug("Parameter " + parname + req.getParameter(parname));    
+    }
+  }
+  
+  /**
+     * Parses the request input stream for parameters, assuming parameters are encoded UTF-8
+     * (no standard exists how browsers should encode them).
+     * 
+     * @param req servlet request
+     * 
+     * @return mapping parameter name -> value
+     * 
+     * @throws IOException if parsing request parameters fails.
+     * 
+     * @throws FileUploadException if parsing request parameters fails.
+     */
+  protected Map getParameters(HttpServletRequest req) 
+    throws IOException, FileUploadException {
+    
+    Map parameters = new HashMap();
+
+ 
+    if (ServletFileUpload.isMultipartContent(req))
+    {
+      // request is encoded as mulitpart/form-data
+      FileItemFactory factory = new DiskFileItemFactory();
+      ServletFileUpload upload = null;
+      upload = new ServletFileUpload(factory);
+      List items = null;
+      items = upload.parseRequest(req);
+      for (int i = 0; i < items.size(); i++)
+      {
+        FileItem item = (FileItem) items.get(i);
+        if (item.isFormField())
+        {
+          // Process only form fields - no file upload items
+          String logString =  item.getString("UTF-8");
+       
+          // TODO use RegExp
+          String startS = "<pr:Identification><pr:Value>";
+          String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
+          String logWithMaskedBaseid = logString;
+          int start = logString.indexOf(startS);
+          if (start > -1) {
+             int end = logString.indexOf(endS);
+             if (end > -1) {
+                logWithMaskedBaseid = logString.substring(0, start);
+                logWithMaskedBaseid += startS;
+                logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
+                logWithMaskedBaseid += logString.substring(end, logString.length());
+             }
+          }
+          parameters.put(item.getFieldName(), item.getString("UTF-8"));
+          Logger.debug("Processed multipart/form-data request parameter: \nName: " +
+              item.getFieldName() + "\nValue: " + 
+              logWithMaskedBaseid);
+        }
+      }
+    }
+    
+    else
+    {
+      // request is encoded as application/x-www-urlencoded
+      InputStream in = req.getInputStream();
+
+      String paramName;
+      String paramValueURLEncoded;
+      do {
+        paramName = new String(readBytesUpTo(in, '='));
+        if (paramName.length() > 0) {
+          paramValueURLEncoded = readBytesUpTo(in, '&');
+          String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8");
+          parameters.put(paramName, paramValue);
+        }
+      }
+      while (paramName.length() > 0);
+      in.close();
+    }
+
+    return parameters;
+  }
+  
+  /**
+     * Reads bytes up to a delimiter, consuming the delimiter.
+     * @param in input stream
+     * @param delimiter delimiter character
+     * @return String constructed from the read bytes
+     * @throws IOException
+     */
+  protected String readBytesUpTo(InputStream in, char delimiter) throws IOException {
+    ByteArrayOutputStream bout = new ByteArrayOutputStream();
+    boolean done = false;
+    int b;
+    while (! done && (b = in.read()) >= 0) {
+      if (b == delimiter)
+        done = true;
+      else
+        bout.write(b);
+    }
+    return bout.toString();
+  }
+	
+	/**
+	 * Calls the web application initializer.
+	 * 
+	 * @see javax.servlet.Servlet#init(ServletConfig)
+	 */
+	public void init(ServletConfig servletConfig) throws ServletException {
+		super.init(servletConfig);
+	}
+}